Windows Defender definitions are distributed via AutoUpdate, Windows Update,
Microsoft Update, and WSUS.
When you press that button, you trigger and AutoUpdate attempt to retrieve
the definitions from the configured update server. For the average home
user, that will be Microsoft's update servers. For someone on a corporate
lan, it will be the WSUS (or SUS) servers, and if SUS, the definitions will
not be available, if WSUS, they may be available at the decision of the
administrator. I don't think Windows Defender knows where they are coming
from--it knows how to test their validity and security, I'm quite sure, but
I doubt that it worries about how they arrive.
In your case, updating on your network is controlled by the WSUS
administrator--i.e. you! Unless you determine that Windows Defender is a
supported application on your network, and configure WSUS to carry the
definitions, users on the network won't receive them--you are in control.
In the situation where you hadn't yet enabled Windows Defender definitions
to be distributed over WSUS, the button still worked fine, it queryed your
WSUS server and found no definitions available. There's probably evidence
of this in the log file--not sure whether it is %windir%\windowsupdate.log
or not, but it probably is.
If you have a machine at home which isn't a domain member, it will recieve
definitions directly from Microsoft when you press that button, or,
optionally, before scheduled scans, or when a Windows or Microsoft Update
Express or Custom scan is done.
I hope I'm suceeding at describing this accurately, but don't blame me for
the design--I bekieve that the intent is to give the WSUS administrator
control of updates.